search

shohu / c0ban

c0ban source tree
MIT License
0 stars 0 forks source link

Replay Attack No2 #49

Closed shohu closed 6 years ago

shohu commented 6 years ago

Old Pool

/usr/local/bin/c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban -datadir=/c0ban-block/data1 -rpcport=3882 getaddressesbyaccount ""

miARYLvA4EM2e3yM4e2PkW1XgUBD1AVKbH cR3koXLvTWdsWcsYzCek7gGSAKPxArReWFxEkLgLy39e3g5Y57ia

/usr/local/bin/c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban -datadir=/c0ban-block/data1 -rpcport=3882 dumpprivkey miARYLvA4EM2e3yM4e2PkW1XgUBD1AVKbH /usr/local/bin/c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban -datadir=/c0ban-block/data1 -rpcport=3882 getnewaddress

muoez2ovUq8q624AxoLXWXqLHTuSN1WbEN

New Pool

mxXzr1fUA1NCFBtBcvpQP8u1nsYKsUnPEC

importprivkey c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban -rpcport=3882 importprivkey cR3koXLvTWdsWcsYzCek7gGSAKPxArReWFxEkLgLy39e3g5Y57ia

c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban - { "": 0.00000000 }

c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban -rpcport=3882 validateaddress miARYLvA4EM2e3yM4e2PkW1XgUBD1AVKbH c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban -rpcport=3882 validateaddress muoez2ovUq8q624AxoLXWXqLHTuSN1WbEN

Old Pool

c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban -rpcport=3882 sendtoaddress muoez2ovUq8q624AxoLXWXqLHTuSN1WbEN 10 002fc37dbda902fdf7bb1c9b4761ec9ca70a12276bba8b5ac930c4e7c09c31bc c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban -rpcport=3882 gettransaction 002fc37dbda902fdf7bb1c9b4761ec9ca70a12276bba8b5ac930c4e7c09c31bc { "amount": 0.00000000, "fee": -0.00003840, "confirmations": 0, "trusted": true, "txid": "002fc37dbda902fdf7bb1c9b4761ec9ca70a12276bba8b5ac930c4e7c09c31bc", "walletconflicts": [ ], "time": 1530590928, "timereceived": 1530590928, "bip125-replaceable": "no", "details": [ { "account": "", "address": "muoez2ovUq8q624AxoLXWXqLHTuSN1WbEN", "category": "send", "amount": -10.00000000, "label": "", "vout": 0, "fee": -0.00003840, "abandoned": false }, { "account": "", "address": "muoez2ovUq8q624AxoLXWXqLHTuSN1WbEN", "category": "receive", "amount": 10.00000000, "label": "", "vout": 0 } ], "hex": "0200000001d93b8d11d70d901c0dc292c3ec5fef84474c2098a8ac8280a24a5e6419265d1a00000000494830450221009a5508182eaf3ac2597e8a5885ac2bf5c33323a3797be85ad5f1f80afe81eca5022071735b1698b00c3d1047898cdc490e9c693d6bbc8b3d621fde46d2b8a69ca49201feffffff0200ca9a3b000000001976a9149cba61ce928017e244d0bda48dfb3e89d1bddcc588ac00179dfeff0100001976a91494e024571ef4174307b51f26b1a2cddd816f8ead88ac82000000" }

New Pool

c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban -rpcport=3882 gettransaction 002fc37dbda902fdf7bb1c9b4761ec9ca70a12276bba8b5ac930c4e7c09c31bc 0c4e7c09c31bc gettransaction 002fc37dbda902fdf7bb1c9b4761ec9ca70a12276bba8b5ac93 error code: -5 error message: Invalid or non-wallet transaction id c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban -rpcport=3882 listunspent 1 999999 '["muoez2ovUq8q624AxoLXWXqLHTuSN1WbEN"]' [ { "txid": "002fc37dbda902fdf7bb1c9b4761ec9ca70a12276bba8b5ac930c4e7c09c31bc", "vout": 0, "address": "muoez2ovUq8q624AxoLXWXqLHTuSN1WbEN", "account": "", "scriptPubKey": "76a9149cba61ce928017e244d0bda48dfb3e89d1bddcc588ac", "amount": 10.00000000, "confirmations": 1, "spendable": true, "solvable": true, "safe": true } ]

Old Pool

/usr/local/bin/c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban -rpcport=3882 generate 1 c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban -rpcport=3882 listunspent 1 999999 '["muoez2ovUq8q624AxoLXWXqLHTuSN1WbEN"]' [ ]

================ NewC0banでの送金がOldC0banへ派生するかのチェック

New Pool

validateaddress

c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban -rpcport=3882 listunspent 1 999999 '["miARYLvA4EM2e3yM4e2PkW1XgUBD1AVKbH"]' c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban -rpcport=3882 sendtoaddress muoez2ovUq8q624AxoLXWXqLHTuSN1WbEN 33 22fc91638451c3245767983ec6590f1e014ae8d6f85a6d754604255b46b364b0 c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban -rpcport=3882 gettransaction 22fc91638451c3245767983ec6590f1e014ae8d6f85a6d754604255b46b364b0 { "amount": -22.00000000, "fee": -0.00003840, "confirmations": 0, "trusted": true, "txid": "22fc91638451c3245767983ec6590f1e014ae8d6f85a6d754604255b46b364b0", "walletconflicts": [ ], "time": 1530597696, "timereceived": 1530597696, "bip125-replaceable": "no", "details": [ { "account": "", "address": "muoez2ovUq8q624AxoLXWXqLHTuSN1WbEN", "category": "send", "amount": -22.00000000, "vout": 1, "fee": -0.00003840, "abandoned": false } ], "hex": "0200000001d5dec1fc399403d447399c2372b32b4b6444017d6e932c75adff6fb2b572e55b00000000494830450221008dd1cc8df747159d82848682fc0ca92a82edcdc13b1d90b94b5a5f4effe08bca022076f6b0b2d5117ef166f88473b75572f4ae1bfa2a15f357cfa9e02236cd8345ea01feffffff02008b16b7ff0100001976a9141d28d5a1e67bb14396f6a100b862a5a292da5c8e88ac00562183000000001976a9149cba61ce928017e244d0bda48dfb3e89d1bddcc588ac72000000" }

Old Pool

c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban -rpcport=3882 gettransaction 22fc91638451c3245767983ec6590f1e014ae8d6f85a6d754604255b46b364b0 { "amount": -21977.99996160, "fee": -0.00003840, "confirmations": 0, "trusted": true, "txid": "22fc91638451c3245767983ec6590f1e014ae8d6f85a6d754604255b46b364b0", "walletconflicts": [ ], "time": 1530597698, "timereceived": 1530597698, "bip125-replaceable": "no", "details": [ { "account": "", "address": "miB8or8zA3QJPHcmpW9fZiopbPPqxEyT2j", "category": "send", "amount": -21977.99996160, "vout": 0, "fee": -0.00003840, "abandoned": false }, { "account": "", "address": "muoez2ovUq8q624AxoLXWXqLHTuSN1WbEN", "category": "send", "amount": -22.00000000, "label": "", "vout": 1, "fee": -0.00003840, "abandoned": false }, { "account": "", "address": "muoez2ovUq8q624AxoLXWXqLHTuSN1WbEN", "category": "receive", "amount": 22.00000000, "label": "", "vout": 1 } ], "hex": "0200000001d5dec1fc399403d447399c2372b32b4b6444017d6e932c75adff6fb2b572e55b00000000494830450221008dd1cc8df747159d82848682fc0ca92a82edcdc13b1d90b94b5a5f4effe08bca022076f6b0b2d5117ef166f88473b75572f4ae1bfa2a15f357cfa9e02236cd8345ea01feffffff02008b16b7ff0100001976a9141d28d5a1e67bb14396f6a100b862a5a292da5c8e88ac00562183000000001976a9149cba61ce928017e244d0bda48dfb3e89d1bddcc588ac72000000" }

c0ban-cli -rpcuser=c0ban -rpcpassword=c0ban -rpcport=3882 listunspent 1 999999 '["muoez2ovUq8q624AxoLXWXqLHTuSN1WbEN"]' [ { "txid": "22fc91638451c3245767983ec6590f1e014ae8d6f85a6d754604255b46b364b0", "vout": 1, "address": "muoez2ovUq8q624AxoLXWXqLHTuSN1WbEN", "account": "", "scriptPubKey": "76a9149cba61ce928017e244d0bda48dfb3e89d1bddcc588ac", "amount": 22.00000000, "confirmations": 1, "spendable": true, "solvable": true, "safe": true }, { "txid": "002fc37dbda902fdf7bb1c9b4761ec9ca70a12276bba8b5ac930c4e7c09c31bc", "vout": 0, "address": "muoez2ovUq8q624AxoLXWXqLHTuSN1WbEN", "account": "", "scriptPubKey": "76a9149cba61ce928017e244d0bda48dfb3e89d1bddcc588ac", "amount": 10.00000000, "confirmations": 2, "spendable": true, "solvable": true, "safe": true }, { "txid": "30cfe67d51d9291310a31c8fa5c3fd505496272f5d4e174fc890b7a50d9031f4", "vout": 0, "address": "muoez2ovUq8q624AxoLXWXqLHTuSN1WbEN", "account": "", "scriptPubKey": "76a9149cba61ce928017e244d0bda48dfb3e89d1bddcc588ac", "amount": 22.00000000, "confirmations": 1, "spendable": true, "solvable": true, "safe": true } ]

shohu commented 6 years ago

New Algo pool -> Old Alog pool

debug.log at Old Algo pool

2018-07-03 06:20:01 trying connection c0ban-test:3883 lastseen=0.0hrs
2018-07-03 06:20:01 Added connection peer=587
2018-07-03 06:20:01 sending version (102 bytes) peer=587
2018-07-03 06:20:01 socket send error Broken pipe (32)
2018-07-03 06:20:01 disconnecting peer=587
2018-07-03 06:20:01 send version message: version 70015, blocks=133, us=[::]:0, peer=587
2018-07-03 06:20:01 Cleared nodestate for peer=587
2018-07-03 06:20:01 received: inv (37 bytes) peer=578
2018-07-03 06:20:01 got inv: tx 5541ba37de7eaf4ef6844c012bbd0f4682f4c483f3818269b859e04a642f78da  new peer=578
2018-07-03 06:20:01 askfor witness-tx 5541ba37de7eaf4ef6844c012bbd0f4682f4c483f3818269b859e04a642f78da  0 (00:00:00) peer=578
2018-07-03 06:20:01 Requesting witness-tx 5541ba37de7eaf4ef6844c012bbd0f4682f4c483f3818269b859e04a642f78da peer=578
2018-07-03 06:20:01 sending getdata (37 bytes) peer=578
2018-07-03 06:20:01 received: tx (191 bytes) peer=578
2018-07-03 06:20:01 AddToWallet 5541ba37de7eaf4ef6844c012bbd0f4682f4c483f3818269b859e04a642f78da  new
2018-07-03 06:20:01 Checking mempool with 1 transactions and 1 inputs
2018-07-03 06:20:01 AcceptToMemoryPool: peer=578: accepted 5541ba37de7eaf4ef6844c012bbd0f4682f4c483f3818269b859e04a642f78da (poolsz 1 txn, 1 kB)

debug.log at New Algo pool

2018-07-03 06:20:01 Received a POST request for / from 127.0.0.1:41136
2018-07-03 06:20:01 ThreadRPCServer method=sendtoaddress
2018-07-03 06:20:01 keypool added 1 keys (1 internal), size=2000 (1000 internal)
2018-07-03 06:20:01 keypool reserve 1003
2018-07-03 06:20:01 Fee Calculation: Fee:3840 Bytes:192 Needed:3840 Tgt:0 (requested 6) Reason:"Fallback fee" Decay 0.00000: Estimation: (-1 - -1) -nan% 0.0/(0.0 0 mem 0.0 out) Fail: (-1 - -1) -nan% 0.0/(0.0 0 mem 0.0 out)
2018-07-03 06:20:01 CommitTransaction:
CTransaction(hash=5541ba37de, ver=2, vin.size=1, vout.size=2, nLockTime=114)
    CTxIn(COutPoint(4b30252585, 0), scriptSig=4730440220520078c6c27ce1, nSequence=4294967294)
    CScriptWitness()
    CTxOut(nValue=21944.99996160, scriptPubKey=76a9149afb75daf84007cc66af1efa)
    CTxOut(nValue=55.00000000, scriptPubKey=76a9149cba61ce928017e244d0bda4)
2018-07-03 06:20:01 keypool keep 1003
2018-07-03 06:20:01 AddToWallet 5541ba37de7eaf4ef6844c012bbd0f4682f4c483f3818269b859e04a642f78da  new
2018-07-03 06:20:01 AddToWallet 5541ba37de7eaf4ef6844c012bbd0f4682f4c483f3818269b859e04a642f78da
2018-07-03 06:20:01 Relaying wtx 5541ba37de7eaf4ef6844c012bbd0f4682f4c483f3818269b859e04a642f78da
2018-07-03 06:20:01 connection from 172.20.0.2:59796 dropped (banned)
2018-07-03 06:20:01 sending inv (37 bytes) peer=8
2018-07-03 06:20:01 received: getdata (37 bytes) peer=8
2018-07-03 06:20:01 received getdata (1 invsz) peer=8
2018-07-03 06:20:01 received getdata for: witness-tx 5541ba37de7eaf4ef6844c012bbd0f4682f4c483f3818269b859e04a642f78da peer=8
2018-07-03 06:20:01 sending tx (191 bytes) peer=8
2018-07-03 06:20:03 Flushing wallet.dat
2018-07-03 06:20:03 Flushed wallet.dat 12ms

Old Algo pool -> New Alog pool

debug.log at New Algo pool

2018-07-03 06:25:14 sending ping (8 bytes) peer=8
2018-07-03 06:25:14 received: pong (8 bytes) peer=8
2018-07-03 06:25:14 received: ping (8 bytes) peer=8
2018-07-03 06:25:14 sending pong (8 bytes) peer=8
2018-07-03 06:25:15 received: inv (37 bytes) peer=8
2018-07-03 06:25:15 got inv: tx aa0523b21e15e6e8c293b697331cfffd339ba1bc6646e5601463a2055f5f4681  new peer=8
2018-07-03 06:25:15 askfor witness-tx aa0523b21e15e6e8c293b697331cfffd339ba1bc6646e5601463a2055f5f4681  0 (00:00:00) peer=8
2018-07-03 06:25:15 Requesting witness-tx aa0523b21e15e6e8c293b697331cfffd339ba1bc6646e5601463a2055f5f4681 peer=8
2018-07-03 06:25:15 sending getdata (37 bytes) peer=8
2018-07-03 06:25:15 received: tx (226 bytes) peer=8
2018-07-03 06:25:15 aa0523b21e15e6e8c293b697331cfffd339ba1bc6646e5601463a2055f5f4681 from peer=8 was not accepted: non-final (code 64)
2018-07-03 06:25:15 sending reject (46 bytes) peer=8

debug.log at Old Algo pool

2018-07-03 06:25:13 Received a POST request for / from 127.0.0.1:41254
2018-07-03 06:25:13 ThreadRPCServer method=sendtoaddress
2018-07-03 06:25:13 keypool added 1 keys (1 internal), size=2000 (1000 internal)
2018-07-03 06:25:13 keypool reserve 1004
2018-07-03 06:25:13 Fee Calculation: Fee:4520 Bytes:226 Needed:4520 Tgt:1 (requested 6) Reason:"Fallback fee" Decay 0.00000: Estimation: (-1 - -1) -nan% 0.0/(0.0 0 mem 0.0 out) Fail: (-1 - -1) -nan% 0.0/(0.0 0 mem 0.0 out)
2018-07-03 06:25:13 CommitTransaction:
CTransaction(hash=aa0523b21e, ver=2, vin.size=1, vout.size=2, nLockTime=133)
    CTxIn(COutPoint(ab015a1912, 1), scriptSig=483045022100e757e8dad840, nSequence=4294967294)
    CScriptWitness()
    CTxOut(nValue=30.99995480, scriptPubKey=76a9142239eed5e44f5dc79303a5b8)
    CTxOut(nValue=2.00000000, scriptPubKey=76a9149cba61ce928017e244d0bda4)
2018-07-03 06:25:13 keypool keep 1004
2018-07-03 06:25:13 AddToWallet aa0523b21e15e6e8c293b697331cfffd339ba1bc6646e5601463a2055f5f4681  new
2018-07-03 06:25:13 AddToWallet aa0523b21e15e6e8c293b697331cfffd339ba1bc6646e5601463a2055f5f4681
2018-07-03 06:25:13 Relaying wtx aa0523b21e15e6e8c293b697331cfffd339ba1bc6646e5601463a2055f5f4681
2018-07-03 06:25:14 received: ping (8 bytes) peer=578
2018-07-03 06:25:14 sending pong (8 bytes) peer=578
2018-07-03 06:25:14 sending ping (8 bytes) peer=578
2018-07-03 06:25:14 received: pong (8 bytes) peer=578
2018-07-03 06:25:15 sending inv (37 bytes) peer=578
2018-07-03 06:25:15 received: getdata (37 bytes) peer=578
2018-07-03 06:25:15 received getdata (1 invsz) peer=578
2018-07-03 06:25:15 received getdata for: witness-tx aa0523b21e15e6e8c293b697331cfffd339ba1bc6646e5601463a2055f5f4681 peer=578
2018-07-03 06:25:15 sending tx (226 bytes) peer=578
2018-07-03 06:25:15 received: reject (46 bytes) peer=578
2018-07-03 06:25:15 Reject tx code 64: non-final: hash aa0523b21e15e6e8c293b697331cfffd339ba1bc6646e5601463a2055f5f4681
2018-07-03 06:25:15 Unknown command "reject" from peer=578
2018-07-03 06:25:16 Flushing wallet.dat
shohu commented 6 years ago

ProcessMessage.tx

if (state.IsInvalid(nDoS))
{
    LogPrint(BCLog::MEMPOOLREJ, "%s from peer=%d was not accepted: %s\n", tx.GetHash().ToString(),
        pfrom->GetId(),
        FormatStateMessage(state));
    if (state.GetRejectCode() > 0 && state.GetRejectCode() < REJECT_INTERNAL) // Never send AcceptToMemoryPool's internal codes over P2P
        connman->PushMessage(pfrom, msgMaker.Make(NetMsgType::REJECT, strCommand, (unsigned char)state.GetRejectCode(),
                           state.GetRejectReason().substr(0, MAX_REJECT_MESSAGE_LENGTH), inv.hash));
    if (nDoS > 0) {
        Misbehaving(pfrom->GetId(), nDoS);
    }
}
bool IsInvalid() const {
    return mode == MODE_INVALID;
}
bool IsInvalid(int &nDoSOut) const {
    if (IsInvalid()) {
        nDoSOut = nDoS;
        return true;
    }
    return false;
}

AcceptToMemoryPoolWorker

    if (!CheckFinalTx(tx, STANDARD_LOCKTIME_VERIFY_FLAGS))
        return state.DoS(0, false, REJECT_NONSTANDARD, "non-final");

validation.cpp

bool CheckFinalTx(const CTransaction &tx, int flags)
{
    AssertLockHeld(cs_main);

    // By convention a negative value for flags indicates that the
    // current network-enforced consensus rules should be used. In
    // a future soft-fork scenario that would mean checking which
    // rules would be enforced for the next block and setting the
    // appropriate flags. At the present time no soft-forks are
    // scheduled, so no flags are set.
    flags = std::max(flags, 0);

    // CheckFinalTx() uses chainActive.Height()+1 to evaluate
    // nLockTime because when IsFinalTx() is called within
    // CBlock::AcceptBlock(), the height of the block *being*
    // evaluated is what is used. Thus if we want to know if a
    // transaction can be part of the *next* block, we need to call
    // IsFinalTx() with one more than chainActive.Height().
    const int nBlockHeight = chainActive.Height() + 1;

    // BIP113 will require that time-locked transactions have nLockTime set to
    // less than the median time of the previous block they're contained in.
    // When the next block is created its previous block will be the current
    // chain tip, so we use that to calculate the median time passed to
    // IsFinalTx() if LOCKTIME_MEDIAN_TIME_PAST is set.
    const int64_t nBlockTime = (flags & LOCKTIME_MEDIAN_TIME_PAST)
                             ? chainActive.Tip()->GetMedianTimePast()
                             : GetAdjustedTime();

    return IsFinalTx(tx, nBlockHeight, nBlockTime);
}

tx_verify.cpp

bool IsFinalTx(const CTransaction &tx, int nBlockHeight, int64_t nBlockTime)
{
    if (tx.nLockTime == 0)
        return true;
    if ((int64_t)tx.nLockTime < ((int64_t)tx.nLockTime < LOCKTIME_THRESHOLD ? (int64_t)nBlockHeight : nBlockTime))
        return true;
    for (const auto& txin : tx.vin) {
        if (!(txin.nSequence == CTxIn::SEQUENCE_FINAL))
            return false;
    }
    return true;
}
class CTxIn
{
public:
   :
    /* Setting nSequence to this value for every input in a transaction
     * disables nLockTime. */
    static const uint32_t SEQUENCE_FINAL = 0xffffffff;
shohu commented 6 years ago

IsFinalTx

bool IsFinalTx(const CTransaction &tx, int nBlockHeight, int64_t nBlockTime)
{
    if (tx.nLockTime == 0)
        return true;
    if ((int64_t)tx.nLockTime < ((int64_t)tx.nLockTime < LOCKTIME_THRESHOLD ? (int64_t)nBlockHeight : nBlockTime))
        return true;
    for (const auto& txin : tx.vin) {
        if (!(txin.nSequence == CTxIn::SEQUENCE_FINAL))
            return false;
    }
    return true;
}

New -> Old ○

In old, IsFinalTx return true by follow sentence

if ((int64_t)tx.nLockTime < ((int64_t)tx.nLockTime < LOCKTIME_THRESHOLD ? (int64_t)nBlockHeight : nBlockTime))
   return true;

Old -> New X

In old, IsFinalTx return false by follow sentence

for (const auto& txin : tx.vin) {
   if (!(txin.nSequence == CTxIn::SEQUENCE_FINAL))
       return false;
}
shohu commented 6 years ago

I found following case

New -> Old X Old -> New ◯

This case is "Old pool height < New pool height" .

So

New -> Old ○ Old -> New X

is "Old pool height > New pool height" .